This is the first published study in this field to include SPoF (Single Point of Failure) data, which highlights the dependencies a company has on third-party systems and services. This paper represents a snapshot of our ongoing work exploring what is a deep and highly complex dataset.

At Gallagher Re, we have been exploring this data’s vast potential for several years. This research has informed the development of a suite of proprietary tools and services aimed at supporting the (re)insurance community in realising the potential of cyber data to enhance underwriting and portfolio monitoring. Principal among these is TIDE, our portfolio quality and benchmarking tool.

DataGrail’s 2024 Data Privacy Trends Report shows how these factors are playing out on the ground and provides a benchmark for businesses to see how they are tracking. Businesses are receiving more privacy requests, also known as Data Subject Requests (DSRs) every year; we saw a 246% increase in requests from 2021 to 2023.

This is the sixth year in a row Tidelift has conducted a survey about open source and the third time it focused exclusively on the maintainers who create and maintain the open source projects we all depend on. The most cited stat from that previous survey was that 60% of maintainers described themselves as unpaid hobbyists. We asked the same question again this year to see if things had changed.

IANS and Artico Search conducted their fifth annual CISO Compensation and Budget Research Study. Our analysis of the key drivers behind security budget growth reveals significant increases are often triggered by incidents or breaches, or by rising risks such as those associated with AI adoption.

OWASP MASVS sets a minimum bar for mobile app developers to follow when building apps securely and provides security teams with the ideal testing strategy as part of the organization’s proof of controls. NowSecure benchmark mobile application security testing analysis shows 95% of nearly 6,500 leading mobile apps fail at least one of the seven OWASP MASVS categories.

In this report, the term security awareness program is used to describe a structured effort to engage, train, and secure your workforce and build a strong security culture. However, many organizations refer to such efforts using different terms, including security behavior and culture, security engagement and influence, security training and education, security communications, or human risk management.

This report leverages N2K’s analytical strengths to map WiCyS members’ skills directly to the NICE Workforce Framework, categorizing capabilities into functional areas that highlight the unique strengths and potential growth opportunities for WiCyS members. By conducting thorough diagnostics and focused analyses, this partnership identifies the capabilities of WiCyS members and aligns them with industry standards to ensure that their skills are recognized and utilized to the fullest.

Several trends in the way we work and consume technology have resulted in an ever-expanding cyberattack surface for organizations of all sizes. Comprehensive digital transformation across enterprises, the rise in cloud adoption, the normalization of working from anywhere, and Internet of Things (IoT) initiatives have resulted in an explosion of new applications, along with an increased rate of iterations and updates.

Built on passion and expertise, Altitude Cyber delivers strategic advisory services specifically tailored for founders, investors, startups, and their boards. Our unique approach fuses strategic insight with financial acumen to help your company soar to new heights.

To help businesses measure cyber attack readiness, we analyzed performance data from the 982 corporate security teams and 5,117 professionals who participated in our global CTF competition. HTB Business CTF: The Great Escape featured over 30 hacking challenges based on the live threat landscape covering areas such as forensics, blockchain, cloud, and more.

This report helps uncover vulnerabilities missed by traditional security tools and detect unnoticed malicious activities. To understand how security professionals utilize threat hunting, we surveyed 218 security analysts to identify effective strategies, challenges, and metrics for success.

This white paper explores the 5-step process, highlighting our findings across many data sources and rigorous testing of our telemetry pipeline. As we detail our methodology, we’ll also suggest different use cases. The goal is to showcase our journey and equip you with the tools and understanding to optimize your telemetry data.

CDW Canada’s 2023 Canadian Hybrid Cloud Report, our latest annual survey with IDC, to learn how organizations are transforming into a digital business, adopting cloud platforms, deploying hybrid and multicloud solutions. You’ll also find out what are the top business objectives shaping digital infrastructure strategies in Canada.

Cloud security risks and vulnerabilities are on the rise and 30% of businesses fail to apply adequate security controls or provide the tools security and DevOps engineers really need to solve this problem. Unprecedented and rapid expansion to the cloud, prompted by many organizations’ digital transformation also means that cloud services are expanding faster than ever before. AWS alone has experienced over 1000% growth in services since 2013.

Application Programming Interfaces (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has proliferated, however, the importance of properly securing APIs is also becoming increasingly evident. API-related hacks and data breaches have impacted companies across nearly all sectors and geographies, resulting in skyrocketing remediation and legal costs for companies.

In this report, the McAfee Labs team conducted an in-depth analysis and review of AI-cloning tools to evaluate the pervasiveness of the technology used in these scams and to discover how they could help consumers better protect themselves.

For the last eight years, we’ve produced the State of DevOps report, hearing from over 33,000 professionals worldwide. We’ve outlined the DevOps practices that drive successful software delivery and operational performance, with a deep focus on security for the 2022 report.

In this report, we update the research summarized in the Capstone Report with current job opening data to compare the civilian cybersecurity and IT workforces with those in the U.S. government and the private sector. We also extend the DoD-private industry comparison research summarized in the Capstone Report by further examining the proportion of workers across a common taxonomy of cyber work roles, salaries paid across work roles, and demand for these jobs. Thus, this report both updates and expands upon the research presented in the Capstone Report.

In the first half of 2021, we found that 99.09% of attacks were smaller than 10Gbps and 95.62% of attacks were smaller than 1Gbps, of which we believe a majority were launched using readily available and inexpensive DDoS-for-hire services.

This report offers IT, risk management and security leaders a lens into factors that can increase or help mitigate the rising cost of data breaches. This report also examines root causes, short-term and long-term consequences of data breaches, and the mitigating factors and technologies that allow companies to limit losses.